Bug#246232: unnecessary warnings about insecure working directory
Package: apt
Version: 0.5.24
Severity: normal
I get the following warning multiple times when running apt-get from
a command-line as root user, with working directory /incoming:
/usr/lib/ruby/1.8/debian.rb:77: warning: Insecure world writable dir /incoming/., mode 040777
"ls -l -d /incoming" gives:
drwxrwxrwx 39 root root 4096 2004-04-27 18:28 /incoming
The warning is given or not given as the permissions on the working
directory vary.
So the fact about the directory is true, but I think I should not be
warned about this fact. I think it should not matter what the
permissions are on the working directory when I invoke apt-get. If it
does, then this is a more serious bug.
Whether this is a problem in libdpkg-ruby1.8 or in apt-get, I don't
know, so I am submitting this report about the program I invoked
directly.
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "if dpkg -s apt-listbugs | grep -q '^Status: .* ok installed'; then /usr/sbin/apt-listbugs apt || ( test $? -ne 10 || exit 10; echo 'Warning: apt-listbugs exited abnormally, hit any key to continue.' 1>&2 ; read a < /dev/tty ); fi";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
-- (no /etc/apt/preferences present) --
-- /etc/apt/sources.list --
#deb http://ftp.us.debian.org/debian/ sarge main
#deb http://mirrors.kernel.org/debian/ testing main non-free contrib
#deb-src http://mirrors.kernel.org/debian/ testing main non-free contrib
#deb http://security.debian.org/ stable/updates main contrib non-free
#deb http://mirrors.kernel.org/debian/ testing main non-free contrib
#deb-src http://mirrors.kernel.org/debian/ testing main non-free contrib
deb http://security.debian.org/ stable/updates main contrib non-free
# MSS above came from Debian install on new Jesse (commented out first two of last three lines above)
# See sources.list(5) for more information
# primary
# http://http.us.debian.org/debian
# http://non-us.debian.org
# mirrors
# http://llug.sep.bnl.gov/debian
# http://lyre.mit.edu/debian
# http://mirror.csit.fsu.edu/debian-non-US/
# apt-build
# deb file:/var/cache/apt-build/repository apt-build main
# MSS
# bug 157761 says above is wrong and try this (works).
# MSS think this must be first
# removed this package until it's more mature 8/28/02
# deb file:/var/cache/apt-build/repository ./
# my latest and past work can be found under the following APT source lines:
# use this source line for unstable drivers
#deb http://people.debian.org/~rdonald/nvidia unstable/i386/
# use this line for unstable kernel modules
#deb http://people.debian.org/~rdonald/nvidia modules-unstable/i386/
#use this line for experimental prerelease drivers
#deb http://people.debian.org/~rdonald/nvidia pre/i386/
### US
#deb http://http.us.debian.org/debian stable main contrib non-free
deb http://http.us.debian.org/debian testing main contrib non-free
#deb http://http.us.debian.org/debian unstable main contrib non-free
## ALT
#deb http://debian.crosslink.net/debian unstable main contrib non-free
#deb-src http://http.us.debian.org/debian stable main contrib non-free
deb-src http://http.us.debian.org/debian testing main contrib non-free
#deb-src http://http.us.debian.org/debian unstable main contrib non-free
## ALT
#deb-src http://debian.crosslink.net/debian unstable main contrib non-free
#deb http://http.us.debian.org/debian proposed-updates main contrib non-free
#deb http://http.us.debian.org/debian testing-proposed-updates main contrib non-free
#deb-src http://http.us.debian.org/debian proposed-updates main contrib non-free
#deb-src http://http.us.debian.org/debian testing-proposed-updates main contrib non-free
### NON-US
#deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free
#deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb-src http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free
#deb http://non-us.debian.org/debian-non-US proposed-updates/non-US main contrib non-free
#deb http://non-us.debian.org/debian-non-US testing-proposed-updates/non-US main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US proposed-updates/non-US main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US testing-proposed-updates/non-US main contrib non-free
### Mozilla's java -- needed any more?
#deb ftp://ftp.tux.org/packages/java/debian testing main non-free
#deb ftp://ftp.tux.org/packages/java/debian unstable main non-free
#deb-src ftp://ftp.tux.org/packages/java/debian testing main non-free
#deb-src ftp://ftp.tux.org/packages/java/debian unstable main non-free
### KDE
# NOTE: unstable goes directly into Debian unstable/testing
#deb http://ftp.us.kde.org/pub/kde/stable/latest/Debian stable main
# NOTE: no deb-src here
## ALT
#deb ftp://ibiblio.org/pub/packages/desktops/kde/stable/latest/Debian stable main
#deb http://ftp.du.se/pub/mirrors/kde/stable/latest/Debian stable main
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.5
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages apt depends on:
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libgcc1 1:3.3.3-6 GCC support library
ii libstdc++5 1:3.3.3-6 The GNU Standard C++ Library v3
-- no debconf information
Reply to: